Not disclosing reason for auth failed was by design is a security measure. Same reason goes for not displaying how long you have to wait for it to unlock.

However what we should do is make use of two hooks and entries in ZmMsg.properties, one for loginError (current) and a new one called loginLockoutError allowing you customize the msg.

For now I would change your /opt/zimbra/mailboxd/webapps/zimbra/WEB-INF/classes/messages to something like:
"The username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current username and password. Or your account has been locked due to multiple failure attempts - please wait for it to re-enable or contact your administrator."